1. Technical Field
The present invention relates to portable computers in general, and in particular to a portable computer having a biometric authentication device.
2. Description of Related Art
Computers connected to a network or used in a mobile environment are exposed to the danger of attack or theft by software such as computer viruses or spyware. In order to establish computer platforms capable of providing a reliable level of security, an industry group called the Trusted Computing Group (TCG) has developed and published various specifications.
A Trusted Platform Module (TPM), as defined by one of the TCG specifications, is a security chip that is also referred to as a “TPM chip,” “Fritz chip” or “TPM Security Device.” A TPM is typically mounted on the motherboard of a computer so as not to be easily removable. A TPM verifies the validity of a platform, checks the integrity of software, etc.
The above-mentioned TCG specification also describes a method for establishing a safe and reliable computer environment by making it impossible to transplant a TPM mounted on one computer to another computer, or by making computers unable to operate when TPMs are removed from their respective motherboards. In order to operate the TPM, it is necessary to input into the TPM a secret character string (Shared Secret) indicating TPM ownership. Moreover, with regard to several privileged operations among the operations permitted based on TPM ownership, authentication of physical presence is required.
Two methods for asserting physical presence are defined in the above-mentioned TCG specification. The first method is a hardware method in which pressing a start-up button that is connected to a TPM and formed on a platform causes an internal flag of the TPM to be set. Using this hardware method, it is possible to assert that a user physically possessing the platform is operating the platform. The other method is a command method that is implemented by software in an environment capable of asserting that the user is operating the platform at a level equivalent to the hardware method. In the command method, a program called the Core Root of Trust for Measurement (CRTM) is executed during bootstrapping of the platform, before the platform is connected to a network or runs untrusted software.
After physical presence has been asserted and TPM ownership has been authenticated, a user is able to use a privileged command with respect to the TPM. The contents of the privileged command are described in the above-mentioned TCG specification. The details of physical presence are described in other TCG specifications.
In order to ensure the security of a computer, users are requested to enter various passwords such as, for example, a power-on password, a supervisor password, and a hard disk drive (HDD) password after they have pressed a start-up button to activate the power supply. Since entering each of these passwords is usually troublesome for users, a method called “single sign-on” has been used that replaces these passwords with a single password. Because authentication by a single password carries high importance in single sign-on, the security of the authentication operation needs to be increased; thus, it is effective to use biometric authentication as a precondition for performing single sign-on.
Because the conventional information processing apparatus is configured to perform fingerprint collation after an operating system (OS) has been activated, the fingerprint collation has to be performed after electric power has been supplied to multiple devices used in the information processing apparatus, whereby the capacity of a battery is consumed unnecessarily. In one prior art solution, when the fingerprint collation is performed, electric power is supplied to only the devices necessary for the fingerprint collation, and only when the fingerprint collation result is affirmative is a main power switch turned on so that electric power is supplied to the remaining devices used in the information processing apparatus, thereby suppressing unnecessary battery consumption.
There is another prior art fingerprint reading method capable of suppressing unnecessary power consumption until a finger is placed on a reading surface. According to this prior art method, an apparatus is provided with a fingerprint data acquisition sensor and a finger detection sensor located in the proximity of the fingerprint data acquisition sensor, and an activation signal for acquisition of fingerprint data is output when the finger detection sensor has detected a finger placement.